Make your web services secure by default with BunkerWeb, the open source and next generation WAF.

NGINXConfig

La manière la plus simple de configurer un serveur NGINX performant, sécurisé et stable.

This page collects hints how to improve the security of nginx web servers running on Linux or UNIX-like operating systems.

Other tips here: The Ultimate Guide to Secure, Harden and Improve Performance of Nginx Web Server.

Lists useragents, explains useragent string…

I finally got the nginx works for WordPress with subdirectory

https://my-website.com/blog

1. Setup a localhost website to wordpress
   […]

2. nginx reverse proxy

   server {
   listen         443 ssl;
   ...
   
   # the trailing '/' is vital
   location ^~ /blog/ {
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_set_header X-Forwarded-Proto https;
       proxy_pass http://localhost:7789/;
   }
   }

3. defines to wp-config.php

   /** set the site URL */
   define('WP_HOME', '/blog');
   define('WP_SITEURL', '/blog');
   $_SERVER['REQUEST_URI'] = str_replace("/wp-admin/", "/blog/wp-admin/",  $_SERVER['REQUEST_URI']);

4. change wp-includes/load.php to support ssl reverse proxy
   […]

5. make sure to disable the chrome disk cache to debug (F12 -> Disable cache)

NGINX is becoming an increasingly popular HTTP server and has been deployed in more than 400 million sites. If left unattended, issues may crop up from time to time. As such it is imperative to monitor NGINX server regularly for performance and troubleshooting point of view.

Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go

This tutorial guides you on how to optimize your website performance and make it fast by reducing the file sizes using gzip compression in Nginx.

In this article we’ll show you the security and isolation benefits of running sites on LEMP with different Linux users. This will be done by creating different php-fpm pools for each nginx server block (site or virtual host).

General rules of location routing matching:location [=|^~|~|~*|@] path { ... }

A young Russian developer named Igor Sysoev was frustrated by older web servers' inability to handle more than 10 thousand concurrent requests. This is a problem referred to as the C10k problem. As an answer to this, he started working on a new web server back in 2002.

#Shaarli💫 #config #nginx #security #server #tuto

Do you know most of the security vulnerabilities can be fixed by implementing necessary headers in the response header?

Test with:

• SecurityHeaders.com
• CSP Evaluator
• Content Security Policy (CSP) Validator
• Report URI

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'self';";
add_header Referrer-Policy same-origin;
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";

Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked, leave your web site vulnerable to attack. Here’s how to find some of the most common misconfigurations before an attacker exploits them.